Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


DFSR Replication problem - only replicating in one direction

Posted on 2010-01-10
Medium Priority
Last Modified: 2012-05-08
I am trying to setup DFSR on a number of server 2008 machines and am not having alot of joy.

We have two file servers in our head office and one in a branch office, the DFS setup i want is as follows.

1. HOFS1 (head office file server 1) Applications drive synched with BFS01 (branch file server)

2. BFS01 sending up two folders onto HOFS2 (for backups)

In order to do this i setup a replication group for each situation, what is happening is the branch server is receiving replication from the Head office servers but the Head office servers receive no replication from the branch server.
ie. if i create a folder at head office it does replicate to the branch server but if i create the file on the branch server it won't replicate to head office.

On the HO servers i get the following error-
The DFS Replication service encountered an error communicating with partner RYDDC1 for replication group Applications Drive DFS.
Partner DNS address: bfs01.contoso.local
Optional data if available:
Partner WINS Address: bfs01
Partner IP Address:
The service will retry the connection periodically.
Additional Information:
Error: 1753 (There are no more endpoints available from the endpoint mapper.)
Connection ID: E90D977A-6A6D-4D9C-869B-1AC3AF63EE2B
Replication Group ID: 9B1324F5-5945-4511-9F83-BCF2A63DB7E6

On the Branch file server i get the following error-
The DFS Replication service failed to communicate with partner WFS02 for replication group ryddc1 to wfs02 dfs test. The partner did not recognize the connection or the replication group configuration.
Partner DNS Address: hofs02.rap.local
Optional data if available:
Partner WINS Address: hofs02
Partner IP Address:
The service will retry the connection periodically.
Additional Information:
Error: 9026 (The connection is invalid)
Connection ID: 7DA245B6-AD8A-4032-9A59-E8A54B13916C
Replication Group ID: C5DB2B5A-B524-4880-9B8B-F2D39BC59678

Any ideas what could be going on?
I've turned off local firewalls completely, disabled anti-virus and gotten an 'any' rule created on our corporate firewall between these servers.

Ohh the branch server bfs01 is also a domain controller, while the two head office servers are just running file services.

I setup a test replication group between the two head office servers and everything worked fine which led me to think it was corporate firewall, however any communication between these servers.

Really appreciate some help with this been struggling away at it for a week now without real success.
Question by:andoss
  • 3
  • 3

Author Comment

ID: 26280783
As bfs01 is a domain controller it's running the 'File Replication Service', i thought this could possibly be causing a conflict and stopping DFSR from working?

I just can't figure what else is different between the servers, there is just the location (branch office so different subnet) and the fact it's running domain services.
LVL 24

Expert Comment

ID: 26319828
Please run a DFS-R health report using dfsmgmt.msc as it will show you the exact connection object that is invalid,it can be removed & recreated to add it back.
Use Dfsrdiag pollad /mem:<member name> to force a poll & see if error goes away.
LVL 24

Expert Comment

ID: 26319838
Also check for Dns & AD replication is working correctly.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 24

Expert Comment

ID: 26319922
# Cause:

DFSR servers do not have permission to read AD information on themself or their
This has been changed by the customer, there are no bugs here.
Without auditing you will not be able to determine show changed these permissions
and only infer when they were changed.

# Solution:

Verify that "Authenticated Users" is set with the default READ permission on:

- The computer object in AD
- The DFSR-LocalSettings object under the computer
- The msdfsr-subscriber object under the localsettings object
- The msdfsr-subscription object under the subscriber object

(and that there are no denies set for groups that the servers could be a member of).

Once permissions are correct, use DFSRDIAG POLLAD to pick up the changes.

Author Comment

ID: 26320176
Thanks very much for the reply Awinish.

The DFSR Health Report comes up with errors on one connection and warnings on the other connection, not sure what you mean by invalid but i've tried deleting and recreating them both without success.

DNS & AD Replication is all working correctly from what i can see.

I checked the permissions in adsiedit.msc that you listed and they all seem correct except i'm unable to find any msdfsr-subscriber or msdfsr-subscription objects. Are these still used in Server 2008? All i can see under the local settings object is another object with a GUID name and this has correct permissions anyway.

I'm considering demoting the branch server from being a domain controller and giving DFSR a shot after that, however it's a big job as i'll need to do it after hours etc. Can you see that being worthwhile or just going to be wasting my time?

Accepted Solution

andoss earned 0 total points
ID: 26376258
The problem was with the StaticRPC port i had set.

I ran the dfsrdiag staticrpc /port:41954 command on all three servers but it didn't seem to take effect on the branch server.

I found this out by getting the network guys to check firewall logs, all comms were coming from 41954 and going to one of the random RPC ports.
I assume the branch server was sending data on one of the random RPC ports but the head office servers were only listening on 41954.

ran the command dfsrdiag staticrpc /port:41954 /member:bfs01 from our HO server and replication started working straight away.

Pretty frustrating....

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question